
ASP.NET MVC4 Redirect to login page

I'm creating a web application using ASP.NET MVC 4 and C#.

I want all users to be logged in before using the application.

I'm using ASP.NET Membership with a custom database.

One method is to check whether Membership.GetUser() is null or not in every function.

But isn't there any easier way than checking user login state in every function? (maybe checking in web.config, global.asax, etc...??)

Sure, decorate your action or the whole class with [Authorize], and it will require the user to log in first.

Put [Authorize] over each action that you want only logged-in users accessing. You can also do this at the controller level, making all actions within the controller secured. The latter is probably best for you, since you probably only want all of your pages disabled for guests.

Here's what the class-level one looks like:

[Authorize]
public class SomethingController : Controller
{
    //...
}

and here's an action-level one:

public class SomethingController : Controller
{
    [Authorize]
    public ActionResult SomeAction(Parameter someParameter)
    {
        //...   
    }
}

Another way to do it, if all or most of your pages use the same master page, is to put:

<script type="text/javascript">
    @if (!Request.IsAuthenticated) {
        @:window.location.href = redirectURL;
    }
</script>

or if you aren't using Razor syntax,

<script type="text/javascript">
    <% if(!Request.IsAuthenticated) { %>
        window.location.href = redirectURL;
    <% } %>
</script>

in the master page. That way, all pages which use that master page will redirect elsewhere if the user is not logged in. This only applies if you are using the built-in authentication, though. NOTE: This option is far less secure than the first option. Use this only if site security is not a big concern.

You could write a custom [Authorize] attribute. Then simply decorate controllers/actions with it or if all actions require authorization you could register it as a global action filter.

You can put the [Authorize] attribute on your controller or on single methods in your controller, so you can choose who can open the actions and with what permissions. You can also authorize with roles, like [Authorize(Roles="Admin")], where you will authorize only users in admin role to access your action/controller. For example:

[Authorize(Roles="SimpleUser")] // or, with no roles: [Authorize]
public ActionResult Index()
{
    return View();
}

[Authorize]
[HttpPost]
public ActionResult Index(FormCollection form)
{
    // ... whatever logic
    return View();
}

Hope this helps ;]

I know this question already has an answer but if the intention is to lock down the whole app except for a select few controller actions then I feel like this is a better solution ...

In the startup / init for your app add ...

httpConfig.Filters.Add(new AuthorizeAttribute());

... then on actions you DON'T want to secure ...

[AllowAnonymous]
public ActionResult Hello() { return View(); }

Use [Authorize] at the class level

If you want to allow anonymous access to some actions, use [AllowAnonymous].
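
The global-filter approach from the answers above, written out for an MVC 4 project as an added example (not code from any of the posters). It assumes the standard App_Start/FilterConfig.cs layout, forms authentication with loginUrl set to ~/Account/Login in web.config, and a hypothetical HomeController; the check runs on the server, so it does not depend on the browser executing a script.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// App_Start/FilterConfig.cs, called from Application_Start in Global.asax:
//   FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        // Every MVC action now requires an authenticated user unless it opts out.
        filters.Add(new AuthorizeAttribute());
    }
}

// The login actions must opt out, or the redirect to the login page loops.
// Assumed web.config: <authentication mode="Forms">
//                       <forms loginUrl="~/Account/Login" /></authentication>
[AllowAnonymous]
public class AccountController : Controller
{
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken] // the Login view must emit @Html.AntiForgeryToken()
    public ActionResult Login(string userName, string password, string returnUrl)
    {
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View();
        }
        FormsAuthentication.SetAuthCookie(userName, false);
        // Only follow returnUrl when it points back into this site.
        if (Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}

// Hypothetical controller: no attribute needed, the global filter covers it.
public class HomeController : Controller
{
    public ActionResult Index() { return View(); }
}
```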
